If CORS protected UIs are set up, there is an issue when the browser tries to access the logs of a running container in the RM web UIv2.
Assuming ATS is not up, the browser follows the following call chain:
- Tries to access ATS, it fails, falls back to JHS
- From RM the browser received basic app info, we know that the application is running
- From the JHS we got the list of containers and their log files.
- When we try to access a specific log file, the JHS redirects the request to the NM's UI (on which node the container is running). This redirect is performed by the browser automatically. In this setup the host is considered as a protected information, thus the browser omits the "Origin" field from the request when this redirect is done. The browser then denies access to the NodeManager's web UI due to the CORS header set up for NM, but the Origin is null in the redirect request.
- Finally, "Logs are unavailable" message is shown in the RM web UIv2 due to the CORS violation.
We should fix this. As an approach we can expose another endpoints which only returns the URL of the NodeManager what we should call directly from the UIv2 in order to receive the log. This adds a bit of a complexity, but will enable users to keep the CORS protected setup.